21034323ecd61fbdd6c289fd7e968de87a9f2e219aa850ea021f57e49def16ab

Sharing

Copy URL Twitter E-mail

General

Target

21034323ecd61fbdd6c289fd7e968de87a9f2e219aa850ea021f57e49def16ab
Size

3.9MB
MD5

3960b56de97cc232b5e3175a699a9de7
SHA1

1ef164e4a6fb3154b02c74a728e7014feb202819
SHA256

21034323ecd61fbdd6c289fd7e968de87a9f2e219aa850ea021f57e49def16ab
SHA512

614e90fca5c4ace56ac7c409cb42d16ca30d76a68f36c29fde8ae9ba0f497725670b8311c5a6bfb2496523ec72cbc5cba2e0e76bfbf1eec9e80b3f817f1f1b7f
SSDEEP

98304:zeWsBSQ4jYxyD1Q0PDEWZipOvt+oOGl6TP:qRIQ4jYSQ0LZ7vl6T

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21034323ecd61fbdd6c289fd7e968de87a9f2e219aa850ea021f57e49def16ab

Files

21034323ecd61fbdd6c289fd7e968de87a9f2e219aa850ea021f57e49def16ab
.dll windows:6 windows x86 arch:x86

16a116484ae0687bb7d4a2e1c4c99239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetStdHandle
WriteFile
VirtualAlloc
GetDriveTypeA
SetFileTime
FindNextFileA
SetThreadPriority
Thread32Next
Thread32First
FindResourceA
FindClose
GetCurrentThreadId
lstrcmpA
SuspendThread
lstrcatA
GetModuleHandleA
OpenProcess
GetVersion
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
CreateFileA
LoadLibraryA
DeleteFileA
lstrcpyA
CloseHandle
LoadLibraryW
CreateThread
LoadResource
GetLogicalDriveStringsA
VirtualProtectEx
Beep
VirtualFree
MoveFileA
GetFileSize
ExitProcess
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
lstrcmpiA
GetDiskFreeSpaceExA
CreateDirectoryA
VirtualQuery
GetFileTime
OpenThread
SetUnhandledExceptionFilter
HeapCreate
HeapFree
ResumeThread
HeapReAlloc
HeapAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
WriteConsoleW
HeapSize
SetStdHandle
FlushFileBuffers
CreateFileW
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileA
GetProcAddress
SizeofResource
GetModuleFileNameA
ReadFile
FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetFileType
LCMapStringW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
DecodePointer
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ntdll

RtlFreeUnicodeString
LdrLoadDll
NtAllocateVirtualMemory
NtProtectVirtualMemory
LdrGetProcedureAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString

shlwapi

StrStrIA

ws2_32

htons
socket
WSAStartup

user32

GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Sections

.text
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16a116484ae0687bb7d4a2e1c4c99239

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

shlwapi

ws2_32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 89KB

.rdata Size: - Virtual size: 28KB

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1.1MB

.text
Size: - Virtual size: 89KB

.rdata
Size: - Virtual size: 28KB

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1.1MB